Article 12
(Social media use policy)
- An organization shall prepare a social media use policy, which should be reviewed at least once a year, to govern its employees’ use of social media, covering:
  - defining what social media and functions may be used, and the rules of use;
  - defining what business related information may be shared on the social media;
  - defining the distinction between social media for personal use and for business use, and important information; and
  - defining what a specific role is authorized to speak on social media, and avoiding unauthorized statements about business affairs.
- An organization shall assess the degree of risk in the social media its employees are allowed to use, based on the types of social media, including unauthorized data disclosure, social engineering, and attacks by malware, and take adequate security control and management measures against high risks, such as educational training or promotion of awareness, content filtering and monitoring, and preventive measures including detection of malware.